Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/scYSHs2fDwfJ_LjsAazAk0EvsO0.roa
File:                     scYSHs2fDwfJ_LjsAazAk0EvsO0.roa (raw, json)
Hash identifier:          LSP2T62K/dEqpQFRh+HkIeJYY21Rcc5bRlhJov3ch/g=
Subject key identifier:   B1:C6:12:1E:CD:9F:0F:07:C9:FC:B8:EC:01:AC:C0:93:41:2F:B0:ED
Certificate issuer:       /CN=3cc94ff479778651a605121f1ffe678196328f35
Certificate serial:       018CC26D62FC811332DFD117C14486D7F970
Authority key identifier: 3C:C9:4F:F4:79:77:86:51:A6:05:12:1F:1F:FE:67:81:96:32:8F:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/scYSHs2fDwfJ_LjsAazAk0EvsO0.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202896
IP address blocks:        78.26.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:62:fc:81:13:32:df:d1:17:c1:44:86:d7:f9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cc94ff479778651a605121f1ffe678196328f35
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1c6121ecd9f0f07c9fcb8ec01acc093412fb0ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:73:3a:5b:21:2b:7e:28:c6:10:ac:ad:c6:fb:
                    ec:76:a1:1d:18:70:6d:2e:67:21:60:64:8f:ae:fe:
                    20:51:50:ca:43:df:1e:22:11:d2:6d:4a:aa:f1:54:
                    bc:71:19:29:d1:84:7f:b4:98:d1:99:30:98:fe:1c:
                    9c:c0:38:00:76:28:ca:c0:6d:67:eb:5c:ae:c1:a6:
                    44:a0:14:f5:d6:51:a4:49:4c:6f:e5:d7:4b:ce:ac:
                    68:71:a8:89:09:4e:76:53:bb:0c:47:95:1d:b1:4e:
                    eb:7a:55:0d:83:ff:1a:26:72:1d:45:8d:ac:c7:c5:
                    86:18:b1:34:fa:1f:f2:89:0b:c3:9e:16:9a:a6:3b:
                    b4:cb:45:c9:ae:e5:b7:8f:37:06:7a:24:f7:5a:70:
                    09:fe:84:11:67:3c:a1:27:fd:dc:bb:b9:37:d4:a7:
                    dc:e2:55:48:70:fd:31:fe:3f:d6:1f:ed:1c:ba:3e:
                    cc:7f:97:ce:a4:95:d1:c2:3c:47:2a:64:e7:bb:fa:
                    66:dc:22:f8:e9:85:58:af:bd:f6:44:2a:ff:91:0b:
                    8d:a8:c4:bc:e8:07:2b:0b:e4:28:80:9d:df:ce:0b:
                    b5:b1:01:b3:72:dc:74:3a:72:ad:ae:82:d8:95:89:
                    e2:d9:5a:d0:39:0c:40:08:67:31:f4:39:0b:c2:1d:
                    d8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C6:12:1E:CD:9F:0F:07:C9:FC:B8:EC:01:AC:C0:93:41:2F:B0:ED
            X509v3 Authority Key Identifier:
                keyid:3C:C9:4F:F4:79:77:86:51:A6:05:12:1F:1F:FE:67:81:96:32:8F:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/scYSHs2fDwfJ_LjsAazAk0EvsO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.26.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ed:b0:bb:53:13:09:6b:29:dd:96:fe:69:84:f4:0e:b5:93:a7:
         95:83:6d:29:25:2d:29:1a:c0:a5:b5:3b:5f:59:23:d9:d1:47:
         5c:1e:88:94:ff:fb:c4:36:5b:92:e7:ac:13:4c:73:67:67:47:
         25:a5:e7:0a:24:82:1c:11:99:10:0a:19:4f:f9:2a:72:91:92:
         69:aa:68:22:a9:96:62:af:83:07:57:ca:db:72:a7:ea:a3:6a:
         4c:37:2c:94:c9:6b:9f:5c:df:83:08:90:06:d5:09:f4:8d:f1:
         93:63:3f:34:9c:31:d3:02:e4:53:37:8a:8b:24:85:ed:c3:55:
         8f:b6:80:dc:25:16:00:3f:dc:cd:6c:6f:35:ee:1a:bd:04:9d:
         dd:81:e0:bd:c4:e7:78:d4:54:34:79:6d:05:52:6f:10:7c:7a:
         7a:ef:46:f7:55:9d:f1:58:0e:70:e6:1b:2c:b3:1a:b6:4e:dd:
         c3:6d:df:dd:c0:fe:01:73:df:b7:20:94:d1:8b:61:dc:3e:03:
         4b:c9:b2:16:bf:77:70:88:62:fc:43:4b:8a:79:a3:84:1a:80:
         fb:7c:e8:50:0a:0e:fa:4e:7c:d7:34:ff:cd:ef:c0:64:e3:da:
         13:50:a4:88:08:e2:f5:68:94:ec:ce:cc:12:a8:c8:0f:ee:48:
         db:51:96:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWL8gRMy39EXwUSG1/lwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYzk0ZmY0Nzk3Nzg2NTFhNjA1MTIxZjFmZmU2NzgxOTYz
MjhmMzUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWM2MTIxZWNkOWYwZjA3YzlmY2I4ZWMwMWFjYzA5MzQxMmZiMGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunM6WyErfijGEKytxvvsdqEdGHBt
LmchYGSPrv4gUVDKQ98eIhHSbUqq8VS8cRkp0YR/tJjRmTCY/hycwDgAdijKwG1n
61yuwaZEoBT11lGkSUxv5ddLzqxocaiJCU52U7sMR5UdsU7relUNg/8aJnIdRY2s
x8WGGLE0+h/yiQvDnhaapju0y0XJruW3jzcGeiT3WnAJ/oQRZzyhJ/3cu7k31Kfc
4lVIcP0x/j/WH+0cuj7Mf5fOpJXRwjxHKmTnu/pm3CL46YVYr732RCr/kQuNqMS8
6AcrC+QogJ3fzgu1sQGzctx0OnKtroLYlYni2VrQOQxACGcx9DkLwh3YxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHGEh7Nnw8Hyfy47AGswJNBL7DtMB8GA1UdIwQY
MBaAFDzJT/R5d4ZRpgUSHx/+Z4GWMo81MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE1sUDlIbDNobEdtQlJJZkhfNW5nWll5anpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xZTYzYjYtMzk1Ni00ZDEyLWIxOWYt
NWJlZjY0MjBhMDI4LzEvc2NZU0hzMmZEd2ZKX0xqc0FhekFrMEV2c08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xZTYzYjYtMzk1Ni00ZDEyLWIxOWYtNWJlZjY0MjBhMDI4
LzEvUE1sUDlIbDNobEdtQlJJZkhfNW5nWll5anpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThp+MA0G
CSqGSIb3DQEBCwUAA4IBAQDtsLtTEwlrKd2W/mmE9A61k6eVg20pJS0pGsCltTtf
WSPZ0UdcHoiU//vENluS56wTTHNnZ0clpecKJIIcEZkQChlP+SpykZJpqmgiqZZi
r4MHV8rbcqfqo2pMNyyUyWufXN+DCJAG1Qn0jfGTYz80nDHTAuRTN4qLJIXtw1WP
toDcJRYAP9zNbG817hq9BJ3dgeC9xOd41FQ0eW0FUm8QfHp670b3VZ3xWA5w5hss
sxq2Tt3Dbd/dwP4Bc9+3IJTRi2HcPgNLybIWv3dwiGL8Q0uKeaOEGoD7fOhQCg76
TnzXNP/N78Bk49oTUKSICOL1aJTszswSqMgP7kjbUZbC
-----END CERTIFICATE-----